A newly-discovered flaw in the protection used by "secure" websites across the Internet, the so-called "Heartbleed" bug, has become a major news story. Some widely-used websites like Yahoo!, Imgur, Eventbrite and OKCupid were vulnerable (many have been patched already). While there is real cause for concern, you can (and should!) take a few simple steps to protect yourself.
- Make a list of web accounts you use where security matters: email (first and foremost), banking, credit cards, backup (e.g. Mozy, Carbonite, iCloud), file storage (Dropbox, Evernote), e-commerce (PayPal, Venmo) health information, etc.
- Check if those sites are vulnerable to the Heartbleed bug here (see safe list below).
- Change your password for each site IF the site is patched or shows as not vulnerable. (I know it's a pain, but better safe than sorry). DO NOT USE THE SAME PASSWORD
- Keep a close eye on financial statements for any unauthorized activity.
>>If the site is still vulnerable, WAIT to change your password
until the site is secure.<<
The following major sites have already been patched or were probably not vulnerable, so you can skip step 2:
- Gmail/Google/Youtube
- Yahoo!
- Dropbox
- Mozy
- Hotmail
- Citibank
- Chase
- iCloud
As always, let us know if you have questions.